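# Virtual host for howto.disroot.org: static files plus PHP via PHP-FPM,
# with a front-controller fallback to /index.php.
server {
    # Plain HTTP only. NOTE(review): presumably TLS is terminated by a proxy
    # in front of this host; confirm, otherwise add a TLS listener.
    listen 80;

    root /var/www/howto.disroot.lan;
    index index.html index.php;
    server_name howto.disroot.org;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    # Legacy header: current browsers ignore it, so it is not an XSS control on
    # its own. Without the `always` flag it is only sent on success and
    # redirect responses. A Content-Security-Policy is the modern equivalent.
    add_header X-XSS-Protection "1; mode=block";

    # Serve the file or directory if it exists, otherwise route the request
    # through the PHP front controller.
    location / {
        try_files $uri $uri/ /index.php?_url=$uri&$query_string;
    }

    location /favicon.ico {
        alias /var/www/howto.disroot.lan/favicon.png;
    }

    # nginx tests regex locations in the order they appear and uses the first
    # match, so every deny rule below must stay above the `\.php$` location.

    # Deny all direct access to these folders.
    # The dot in `.git` is escaped so it matches a literal dot only.
    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }

    # Deny direct access to scripts and data files inside core system folders.
    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }

    # Deny direct access to scripts and data files inside the user folder.
    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }

    # Deny access to specific files in the root folder (dots escaped so each
    # alternative matches the literal file name).
    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # Only hand the request to PHP-FPM when the script really exists under
        # the document root; a URI that merely ends in ".php" gets a 404 from
        # nginx instead of being resolved by PHP's own path-info handling.
        # NOTE(review): try_files resets $fastcgi_path_info. If the included
        # fastcgi_params passes PATH_INFO, save it into a variable before
        # this line.
        try_files $fastcgi_script_name =404;

        fastcgi_index index.php;
        include fastcgi_params;

        # $fastcgi_script_name already starts with "/", so no separator is needed.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}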